¶ºÒõ¹Ý

Announcements 04-27-2013

New gTLDs Impact on Internal Enterprise Security

Flavio Martins

It's common practice for network administrators to use internal non-public top level domain extension as a way to extend resource naming within their corporate network and help users differentiate between resources within and outside of their corporate network.

Product documentation often encouraged administrators to use these extensions in order to differential internal vs. external network sources.

In 2011, ICANN approved the launch of a new gTLD program enabling the purchase of new top level domain extensions. The program's goals emphasize enhancing competition online by allowing more domain names to be registered and gives consumers greater flexibility in their domain choices.

The gTLD program includes a strict set of requirements for operators wishing to register new extensions, but on the opening day of applications for the program, nearly 2000 organizations submitted their intention of registering new gTLDs.

Securing Networks withÌýgTLD Extensions

Enterprises that for years have utilized internal names like .mail, .corp, .local, .services, amongÌýothers inÌýtheir corporate network and secured internal names with SSL Certificates, would need to register any domain name usedÌýin order to continue securing those services with SSL Certificates.

This common networkÌýpractice combining public andÌýnon-public domains in SSL Certificates could prove problematic with the new registration requirement.

The (CASC), CA/Browser Forum, and many major enterprisesÌýhave requested that ICANN reconsider the release of some domain extensions, especially those proving most problematic to corporate networks.

Internal Name SSL Certificates

With the pending changes in previously internal domain name extensions, network administrators are scrambling to reconfigure their networks in order to stop the use of internal domain names. ¶ºÒõ¹Ý has setup a thorough tutorial to within corporate network to help administrators through the transition process.

To simplify the migration for Microsoft Exchange environments, theÌý for Exchange makes it easy for administrators to comply with the new guidelines eliminatingÌýthe need to .

Most new domain extensions will have little impact on the corporate network. However, extensions like .corp and .services will create the most disruption for system administrators.

Phasing Out Internal Names

Certificate Authorities have been required to phase out the use of internal names in SSL Certificates by 2015. Converting internal names to external public names should be a top priority for network administrators.

¶ºÒõ¹Ý has provided simply resources to help make the reconfiguration process easy and ¶ºÒõ¹Ý technical support engineers have been fully trained in the internal name migration and are available 24 hours a day to help with the process.

Administrators should frequently analyze their internal corporate network and ensure that all systems have been updated to use fully-qualified registered domain names. The ¶ºÒõ¹Ý Certificate Inspector cloud-based platform scans of internal networks for freeÌýmake internal name migration simple and easy.

UP NEXT
PKI

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories

07-03-2024

What is a CA’s Role in delivering digital trust?

11-11-2024

FIPS 140-3 certification unlocked for ¶ºÒõ¹Ý TrustCore SDK

10-31-2024

Announcing the GA release of ¶ºÒõ¹Ý Device Trust Manager